E-Discovery Compliance Requires Security Pros to Think As Lawyers Do

Perspectives: Think Like a Lawyer

This article can also be found in the Premium Editorial Download: Information Security magazine: Reviews of six top Web application firewalls:

When it comes to e-discovery, temporarily hang up your security hat.


Within any profession, but seemingly prevalent in technology, there are those who talk the talk, and those who walk the walk. Talkers are classic know-it-alls who talk their way through anything--and wouldn't let anyone know they're in way over their head. Walkers know what they're doing--and when they don't, aren't afraid to take pause.

Every now and again, the talker is called out--sometimes through a mistake or by someone with deeper technical expertise. While everyone makes mistakes, when it comes to handling e-discovery requests, errors or lack of knowledge can be damaging, costly, and simply unforgiving.

E-discovery begs the ultimate collision of legal and technology worlds. A retooling of thought toward a legal mindset is necessary to properly handle e-discovery requests. "Winging" a response or approach to a request isn't sufficient. Not only do you need to know what you're doing, but you have to be willing to acknowledge and learn what you don't know. This means putting on your data protection hat and a pair of legal glasses and thinking like a litigator.

The first step in thinking like a lawyer is figuring out what questions to ask or steps to take before arriving at a final answer--i.e., production of data. Even if an e-discovery request trickles down through layers of corporate hierarchy and it's unlikely you'll ever set foot in court, think about and document the methodology followed for data preservation, collection and processing, anticipating weaknesses the opponent will try to find.

The absence of scrupulous documentation with respect to data collection such as a record of how data was preserved and collected may serve as fodder for additional claims, defenses or theories. If you're asked to pull responsive data and the case lands in court two years later, you're probably not going to remember exactly how you fulfilled that request or the steps taken to get it ready to produce. Extensive documentation of methodology and process is critical, so you can confidently explain your process and repeat it later.

The recent Qualcomm discovery nightmare is a reminder to consider location, location, location--i.e., where a company harbors responsive material. An organization must make a good-faith effort to harvest documents from all potential repositories and give supported assurances of a complete search. Keep in mind that consequences flow from a lack of diligence, such as recklessly ignoring relevant documents, as sanctions on Qualcomm and its lawyers for withholding "tens of thousands of emails" adeptly illustrate in a patent infringement case against Broadcom.

Understand that lawyers may not always have the first clue about where to find requested documents, or understand how voluminous a request really is; that's where really knowing what you're talking about, or finding answers, becomes crucial.

When supporting e-discovery, think of yourself as a consultant, providing services necessary for your company's lawyers to understand what locations should be considered for a thorough harvest of responsive data. Part of that service is helping lawyers understand the effort required to execute their production request on its face. They might not fully realize that a request results in overly broad technical production.

As dramatic as it may sound, how you support e-discovery can play a pivotal role in case resolution, or even in the imposition of penalties or sanctions. There are very real consequences for the way e-discovery requests are handled. You can't afford not to get it right.

This was first published in March 2008

Dig deeper on Information Security Laws, Investigations and Ethics

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close